Security Services Markup Language

If you've worked with business-to-business (B2B) transactions, you know that security is often lacking in XML-based documents. You can implement your own document-level security to solve this problem, but then you must integrate the security information into each document and achieve agreement among all your partners about your new security schema.

Enter Netegrity's Security Services Markup Language (S2ML), a proposed standard that different companies (and, therefore, different applications) can use to share security information in both B2B and business-to-consumer (B2C) transactions. S2ML isn't a new security technology; it's simply a proposed industry standard (authored by Bowstreet, Commerce One, Jamcracker, Netegrity, Sun Microsystems, VeriSign, and webMethods) that you and all your partners can adhere to. And its goal is interoperability. (As you well know, the many different security solutions on the market don't interact with one another.) S2ML is a common language that could let businesses of all sizes securely share information about users, authorization, and Web services. The beauty of S2ML is that the same mechanisms you use to consume your XML documents can quickly digest the security information.

In B2C environments, S2ML would facilitate single sign-on (SSO) access and eliminate the annoying multiple logons users face when they visit secure Web sites. SSO functionality takes users' initial credentials and reuses them as needed to continually identify the users. As proposed, S2ML is designed to allow SSO access with all of your partner sites. Because it describes the authentication information using standard XML, the information can move with the user from site to site.

S2ML boils down to two XML schemas (name assertion and entitlement) and an XML-based request/response protocol for two services (authentication and authorization). When a successful authentication occurs, the system creates a name assertion that describes the authentication type, the authenticator, and the authenticated object (e.g., a user). An entitlement further describes the authenticated object.

I've only skimmed the S2ML surface. OASIS, a standards and interoperability consortium, has formed the Security Technical Committee, which is meeting January 9 to attempt to blend the proposed S2ML standard with a competing XML security standard, Securant Technologies' AuthXML. If we're lucky, out of this meeting will come a single XML security standard that gives companies greater security authentication and authorization options when they share data among customers and partners. To learn more about S2ML, visit the S2ML Web site.
